Privacy policy

PRIVACY POLICY

Any personal data provided to the Green REV Institute Foundation will be processed pursuant to
Regulation (EU) of the European Parliament and the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons in connection with personal data processing and on the free flow of such data and repealing directive 95/46/EC (General Data Protection Regulation).

This privacy policy is compliant with the provisions of Regulation of the European Parliament and the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons in connection with personal data processing and on the free flow of such data and repealing directive 95/46/EC (further GDPR).

  1. Personal Data Controller.

The Personal Data Controller is the Green REV Institute Foundation with the registered office
in Warsaw ul. Giordana Bruna 34, skrytka 5, 02-523 Warsaw, entered in the National Court Register under no. KRS: 0000521182, hereinafter referred to as the “Foundation” or the “Controller”.

  1. Form of contact and Data Protection Officer (DPO).
  2. The Foundation may appoint the Personal Data Officer (DPO), and is obligated to do this in the cases envisaged by the law.
  3. In any cases concerning personal data protection and the exercising of the rights related to the processing of these data, the suggested form of contact is electronic mail at: kontakt@greenrev.org.
  1.  Categories, objectives and basis for personal data processing.
  2. Personal data will be processed by the Foundation for the purposes related to the statutory operations, bearing in mind the mission, goals and the form of the Foundation’s operations as well as the commonly binding legal regulations.
  3. The personal data will be processed for the following purposes and on the following legal basis:
    1. In order to inform about the Foundation’s operations:

– first name, last name, sex, address, e-mail address, phone;

– The legal basis for such data processing is Article 6 section 1 letter a of GDPR, which allows personal data to be processed based on a voluntarily granted consent.

  • In order to expand the group of members of the Foundation’s Expert Council:

– first name, last name, PESEL number, sex, address, e-mail address, phone, date of birth, education, professional experience;

– The legal basis for such data processing is Article 6 section 1 letter a of GDPR, which allows personal data to be processed based on a voluntarily granted consent

  • In order to recruit on work posts offered by the Foundation:

– first name, last name, PESEL number, sex, address, e-mail address, phone, date of birth, education, professional experience;

– The legal basis for such data processing is Article 6 section 1 letter a of GDPR, which allows personal data to be processed based on a voluntarily granted consent.

  • In order to conduct recruitment and hire under voluntary service in the Foundation:

– first name, last name, PESEL number, sex, address, e-mail address, phone, date of birth, education, professional experience;

– The legal basis for such data processing is Article 6 section 1 letter a of GDPR, which allows personal data to be processed based on a voluntarily granted consent.

  • In order to collect signatures under petitions as well as initiatives consistent with the Foundation’s statutory operations:

– first name, last name, PESEL number, address, e-mail address;

– The legal basis for such data processing is Article 6 section 1 letter a of GDPR, which allows personal data to be processed based on a voluntarily granted consent.

  • In order to issue invoices and other accounting documents related to
    the Foundation’s functioning:

– first name, last name, company, PESEL number, NIP (tax ID), REGON (business register), address, e-mail address, phone, bank account no.;

– The legal basis for such data processing is Article 6 section 1 letter c GDPR, which allows personal data to be processed, if such processing is necessary to fulfill the Controller’s obligations resulting from the law and directly the agreement concluded between the parties.

  • For accounting, archival and evidence purposes and to the extent of determining, asserting or securing claims:

– first name, last name, company name, PESEL number, NIP (tax ID), REGON (business register), address, e-mail address, phone, bank account no., amount of donation paid;

– The legal basis for such data processing is Article 6 section 1 letter f of GDPR, which allows personal data to be processed, if, in this way, the Controller is pursuing their legitimate interest.

  • In order to provide answers to questions asked electronically or by traditional mail:

– first name, last name, address, e-mail address, phone;

– The legal basis for such data processing is Article 6 section 1 letter a of GDPR, which allows personal data to be processed based on a voluntarily granted consent.

  1. Withdrawal of the consent to the processing of personal data.
  2. The Controller makes any effort to ensure that the persons providing personal data, participating in the Foundation’s operations, signing documents related to
    the Foundation’s functioning or accepting necessary terms and conditions, are conscious and have been exhaustively informed about any due rights
    and obligations.
  3. In the event that  the consent to the processing of personal data is voluntarily granted, the persons providing personal data can withdraw the granted consent at any time and in any form, provided that it is clearly communicated to the Controller.
  4. In the case of withdrawal of the consent to the processing of the personal data, the Controller shall cease processing thereof immediately after obtaining such request, unless they have the right to further processing on another legal basis than the granted consent.


  • Requirement to provide personal data.
  • The provision of personal data is voluntary in most cases, however, the lack of the consent to the processing of the personal data in whole or some of them may prevent or hinder the purpose for which the persons providing the data intended to support the activities of the Foundation, initiate contact or cooperation.
  • Given the above, in order to pursue the goals specified in item III, the necessary data specified therein should be provided. Not always these will be all the data listed in item III, and their scope will be limited by the principle of minimalism and the need for the Foundation to have the particular personal data.
  • Personal data retention period and rights.
  • The personal data will be stored for the period consistent with the provisions of the binding law.
  • The persons providing personal data always have the right to request the following from the Controller:
  • access the personal data,
  •  rectify the personal data, 
  • remove the personal data,
  • restrict the processing thereof,
  • submit an objection against the processing thereof or
  • transfer the personal data.
  • The above requests can be sent in any form to the Controller’s addresses as specified in item I or II.
  • However, the Controller notifies that the above listed rights are not absolute, and, consequently, in some situations the Foundation may, pursuant to
    the law, refuse to fulfill them.
  • In the case of the right to file an objection against the processing of the personal data, the Controller explains that at any time the person is authorized to object to personal data processing based on the Controller’s legitimate interest (they have been listed in item III) in connection  with a special situation of the persons providing the data. However. the Controller may, in line with the law, refuse to acknowledge an objection, if they prove that there are legitimate grounds for the processing which are superior towards interests, rights and freedoms of the persons providing the data or there are grounds for determining, asserting  or defending against claims.
  • Automated personal data processing and profiling.
  • Personal data can be used for automated data processing, also for profiling, namely building analyses and forecasts concerning the data subject on the basis of the collected personal data.
  • Profiling involves the activity of the persons providing the data under the Foundation’s statutory operations and can be applied in its each possible aspect. It allows effective and purposeful actions to be taken, directly focused on the scope of activity of the persons providing the data, minimizing the interaction
    in the areas outside their interest.
  • Automated personal data processing can rely on customization of any delivered content as well as, in some cases, assignment of a personal category to the user’s profile.
  • Transferring personal data to third parties.
  • Personal data may be entrusted for processing to any entities selected by the Controller on the basis of a written agreement regarding personal data entrustment,
    for the purposes listed in this Privacy Policy and to an extent not exceeding the one specified in this Privacy Policy, and in a way stipulated in the law.
  • The data can also be transferred to foundations, associations and organizations
    of a similar or close profile of operations to that of the Foundation.
  • The data can be entrusted for processing also to any entities the services of which are used by the Foundation in connection with the processing thereof, in particular suppliers of IT services, accounting or legal services – in the scope necessary to properly perform these services.
  • Personal data may also be transferred to authorized government bodies
    in the cases regulated by the law.
  • Apart from the above mentioned cases, any personal data are confidential
    and in no circumstances and in no form will be disclosed or transferred to other entities.


  • Transfer of personal data to third states.
  • In principle, personal data will not be transferred outside the European Economic Area.
  • However, in the event that it is necessary to transfer the personal data to third states which, according to the European Commission, do not fulfill the minimum requirements for personal data protection, we would like to inform you that the personal data can be transferred only after obtaining a separate and voluntary consent of the persons  providing the data to this type of action.
  • Bearing in mind the risk involved in personal data transfer according to section 2 above, it should be taken into account that the Foundation is unable to guarantee proper personal data protection in the event that the data are transferred to third states.
  • Right to file a complaint.

In the event that the persons providing data acknowledge that the personal data have been threatened, affected or are processed not in line with the law, these persons have the right to lodge a complaint to the President of the Personal Data Protection Office.

  1. Cookies.
  2. On its website, the Foundation utilizes the so-called cookies, namely short text data, saved on a computer, phone, tablet or another user’s device.
  3. Use of the Foundation’s website means that the visitor has expressed their consent to placing cookie files in the user’s terminal device.
  4. Each user can turn cookie files off by making the respective configuration of their web browser. However, in the event that this option is used, it will be possible to use the Foundation’s website, apart from the functions that need cookie files by their nature.
  5. Cookie files contain, among others, the following data:
  6. public IP address of the computer which the request has been received from,
  7. information on type of the user’s/users’ operating system,
  8. information on the user’s/users’ browser,
  9. sites visited by the user, amount of time spent on each of them.
  10. In principle, cookie files do not contain any data identifying the website visitors, nobody’s identity can be determined on their basis – the cookies mechanism does not allow any personal data or any confidential information to be collected from the user’s device.
  11. The Foundation utilizes the following cookies:
  12. session files – are stored in the user’s device and are kept there until the browser’s session is terminated, any recorded information is then permanently removed from the memory of the device,
  13. permanent files – are stored in the user’s device and are kept there until deleted, termination of the browser’s session or turning off the device does not remove them from the user’s device.
  14. The cookie files are used, among others, in order to:
  15. adjust the content of the website to the user’s preferences and optimize use of the site,
  16. create statistics with the goal being to determine how users use the website.
  • Final provisions
  • To the extent not regulated by the present Privacy Policy, binding are the provisions
    related to the scope of personal data protection.
  • This Privacy Policy has been in force as from 4 November 2020.
powrót do góry
Skip to content